summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)AuthorFilesLines
2013-09-19python/drs: Ensure to pass in the local invocationID during the domain joinAndrew Bartlett3-4/+10
This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-18OpenLDAP provisioning tweaksHoward Chu1-33/+25
Remove BerkeleyDB-specific setup. Streamline cn=samba partition initialization - allow any backend type for it. Use back-mdb instead of back-ldif for cn=samba partition Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18Use SASL/EXTERNAL over ldapi://Howard Chu1-3/+4
The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18Give slapd a second to startupHoward Chu1-1/+1
Moving the sleep to the beginning of the loop avoids most occurrences of the "connection failed" message Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
2013-09-17Fix OpenLDAP partition configsHoward Chu1-0/+22
Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17dsdb: Use credentials.get_forced_sasl_mech()Andrew Bartlett1-0/+2
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-16samba-tool domain provision: Make ldap_backend_startup.sh +x and take ↵Andrew Bartlett1-2/+5
optional arguments Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16samba-tool domain join: Set server role correctly to "active directory ↵Andrew Bartlett1-2/+2
domain controller" We changed the magic string when we reworked the list of server roles. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
2013-09-16samba-tool domian join: Only print adminpass warning on subdomain creationAndrew Bartlett1-0/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16samba-tool domain join: Add --quite and --verboseAndrew Bartlett2-45/+63
This means we now use logger consistently between doimin join, domain dcpromo and domain provision. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Restore support for joining as a subdomainAndrew Bartlett2-7/+16
This set of patches fixes up the errors that were introduced into the partial support during the past couple of years. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Handle more error cases with useful exceptionsAndrew Bartlett1-1/+9
This will help track down strange failures in the future. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16samba-tool domain join subdomain: Set "reveal_internals:0" control so we can ↵Andrew Bartlett1-1/+1
see the ncName The issue here is that we create the ncName remotely with DsAddEntry, and then replicate it back. However, at this point the naming context pointed at by the ncName does not exist! The issue is that the extended_dn_out module then hides the link, because it points to a missing object. The reveal_internals control forces this link to be returned, and so we can then find the GUID, to create the domain with the right GUID. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Show which database we failed to find the DN on (clarify local v ↵Andrew Bartlett1-1/+1
remote) Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Handle exceptions when looking for GUID in a DNAndrew Bartlett1-1/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-04scripting/join.py: Handle creating the dns-NAME account during a DC joinAndrew Bartlett2-7/+77
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-08-30python/provision: remove unused linklocal=False argument from interface_ips_v6()Stefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104
2013-08-30python/pyglue: filter out loopback and linklocal addresses unless ↵Stefan Metzmacher1-2/+43
all_interfaces is given Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de>
2013-07-30samba-tool dbcheck: Correctly remove deleted DNs in dbcheckAndrew Bartlett1-1/+1
The previous pattern never matched, as it was a typo. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jul 30 12:55:00 CEST 2013 on sn-devel-104
2013-06-12python samba-tool drs: Correctly print KCC references to deleted serversAndrew Bartlett1-3/+12
Tested against Windows 2008R2, presumably before the KCC ran. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-11Remove remaining references to "password level" in the treeAndrew Bartlett1-1/+0
Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104
2013-06-01dns: Delete dnsNode objects when they are emptyKai Blin1-0/+117
If an update leaves the dnsNode without any entries, the dnsNode object should be deleted. Thanks to Günter Kukkukk for his excellent debugging work on this one. This should fix bug #9559 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-30samba-tool/dns: Set secure zone update flag after creating new zoneAmitay Isaacs1-3/+9
Windows DC ignores the secure update flag while creating new zone. Windows performs another operation to set the secure update flag. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30samba-tool/dns: Pass on additional flags when creating zonesAmitay Isaacs1-0/+6
Windows DCs require additional flags to be set when creating zones. This fixes bug #9599. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30s4-dns: Support update of SOA recordsAmitay Isaacs1-2/+3
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-28s4-dns: Print/Set minimumTTL value in SOA recordAmitay Isaacs1-1/+3
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue May 28 08:47:56 CEST 2013 on sn-devel-104
2013-05-16python-samba-tool domain classicupgrade: Use transactions when adding ↵Andrew Bartlett1-31/+69
users/groups/members This should make things a bit faster when importing very large numbers of users as we will not constantly rewrite the indicies on disk. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than ↵Andrew Bartlett1-1/+1
the literal value This is better practice. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16python-samba-tool domain classicupgrade: Correct message about re-promoting BDCsAndrew Bartlett1-1/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16python-samba-tool domain classicupgrade: Actually Skip domain trust accountsAndrew Bartlett1-0/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16python-samba-tool domain classicupgrade: Skip machine accounts that do not ↵Andrew Bartlett1-4/+11
end in $ These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16dns: Fix allocation of txt_record in txt record testsKai Blin1-8/+12
Signed-off-by: Kai Blin <kai@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Thu May 16 15:39:15 CEST 2013 on sn-devel-104
2013-05-16dns: more debug debug options in the testsKai Blin1-4/+26
Signed-off-by: Kai Blin <kai@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16dns: Add support for MX queriesKai Blin1-0/+43
Due to an oversight, the internal DNS server supports MX record updates, but not MX record queries. Add support for MX queries and tests. This should fix bug #9485 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-15samba_tool/base.py: Fix typo.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15netcmd/group.py: Fix typo.Karolin Seeger1-2/+2
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15samba-tool/tests: Force the gecos of the user to a fixed value.Matthieu Patou1-1/+10
When --gecos is not specified samba-tool user add will try to read the gecos field from a getpw call. And if user's GECOS is empty (like the build user on sn-devel-104) then the test will fail because we can't add an empty gecos. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed May 15 16:19:23 CEST 2013 on sn-devel-104
2013-05-06selftest: Output error when samba_tool user command failsMatthieu Patou1-2/+4
It should help to debug why is it failing on some hosts in the build farm (ie. sn-devel) Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-04-19samba-tool/dns: Fix a typo in ttl variable nameAmitay Isaacs1-1/+1
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-18netcmd/dns: fix typoDavid Disseldorp1-2/+2
Fix provided by Tobias Florek. Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Apr 18 12:40:33 CEST 2013 on sn-devel-104
2013-04-12source4/scripting/python/samba/samba3: handle ntdb files.Rusty Russell2-49/+53
Upgrading old Samba 3 instances seems like a place where we don't have to read ntdb files, but Andrew Bartlett points out that you can run a Samba 4.0 and even a 4.1 'classic' domain and desire to migrate that to the AD DC. So make this upgrade code generic: if it finds an ntdb file, read that, otherwise read the tdb file. Cc: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-11scripting-provision: Do not enforce domain != realm if we are joining an ↵Andrew Bartlett1-4/+5
existing domain This will allow us users to join existing oddly named domains without objection from provision. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
2013-04-10python-samba-tool domain classicupgrade: Make failure to connect directly to ↵Andrew Bartlett1-1/+1
the LDAP backend fatal This is better than failing just a little further down the stack with a useless error about use-before-set. Andrew Bartlett Reviewed-by: Michael Adam <obnox@samba.org>
2013-03-25scripting: Fill the ProvisionNames hash with strings, not ldb.MessageElement ↵Andrew Bartlett1-8/+7
or Dn This avoids the need to fix it up again in samba_upgradedns. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
2013-03-25samba-tool ldapcmp: Remove the GUID -> name mappingsAndrew Bartlett1-43/+4
These mappings are very convenient, however because they are not one-to-one, they lead to differences being reported when none exist, dependent only on the order the schema searches return results in. Sadly the time saved by the names is offset by the time wasted chasing the 'differences' that don't exist. This in turn fixes some tests that were previously knownfail Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25scripting: Modify samba.descriptor.get_diff_sds() to cope with a missing ↵Andrew Bartlett1-2/+2
reference owner This allows the reference SD not to have an owner specified, and still have the comparison with a database SD that does have an owner pass. (And the same for owning group). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25samba-tool dbcheck: Allow dbcheck to correct an nTSecurityDescriptor without ↵Andrew Bartlett1-0/+41
an owner or group This is done by making a modification to the SD, which triggers it to be filled in if we have the correct session_info established on the DB. However, we normally want dbcheck running as system, so we wrap the session_info set around this operation only. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25samba-tool dbcheck: Add --reset-well-known-aclsAndrew Bartlett2-4/+71
This will allow an upgrade from Samba 4.0.0 without needing to run samba_upgradeprovision, which for now is not the preferred upgrade tool. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25scripting: Move get_diff_sds from samba.upgradehelpers to samba.descriptorAndrew Bartlett3-155/+156
This helps avoid a dependency loop when we use get_diff_sds in dbcheck. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25scripting: Modify samba.descriptor.get_wellknown_sds() use samdb calls onlyAndrew Bartlett1-49/+58
We need this routine not to use the names context as this is tied to provision, and we end up in a circular dependency if we use that in dbcheck. Andrew Bartlett